But you do filter it at your high schools.
Actually, most of the efforts to get around the filters have nothing to do with porn. Probably because you can't really enjoy porn in school. The main efforts of students are directed at locating music downloads and flash games.
With SSL intercept we can force safesearch on, but with the right terms some things still slip through.
Then it becomes Not My Problem.
School employees certainly are. I personally think that exposure to pornography is of very little harm - a few people show an addictive response, but that's no different from television. If I said that publically though, I'd lose my job. It's just something that school employees must never, ever say in public - at least in this country. Privately, there is much derision of the anti-sex brigade - but we know we must comply. Also, gives an excuse to delete all those pictures of Justin Bieber topless.
There's a reason a lot of porn utilises school settings. For most people, that was their environment when they first started to show an interest in sex, and so the setting for the first experiences and fantasies. Something like that leaves a lasting impact.
I don't know about you, but I have never met a porn site I needed to use SSL on or https.
Google images. For most students, the first place they go in search of porn.
And even if the waiver holds up, you'd still have to deal with the media circus and damage to reputation.
One teacher. Thirty students. Alt-tab.
We also have a transparent intercept on port 80. And no, the proxy doesn't accept CONNECT. We even block ICMP, so no ping-tunnels. You should be able to tunnel your way out over HTTP, but it'll take a bit of work - far beyond what students can do.
They have low-tech means of circumventing the filter, mostly involving spending an hour going through page after page on google until they find a site not blocked.
Wouldn't mean much. Screencaps can be trivially faked, anyway. The submitter clearly doesn't want us to know which school this is. I can only say it isn't the one I work at - we use SSL interception on the school computers, but not on the BYOD network, which simply blocks SSL entirely.
The school would simply explain that monitoring use of the IT facilities is an essential part of their safeguarding or child protection policy. That's as far as it'll go.
It's one of the big rules of school management. You do *not* question the safeguarding program. No matter how silly it may seem. To do so would risk opening onesself up to accusations of endangering students. No school employee ever lost their job for being too cautious.
The policy which requires the school protect the children against dangerous* sexual imagery and enforce the school's anti-bullying policy**.
*We're talking to parents here - as far as they are concerned, it's dangerous.
**If students are exchanging harsh insults on the school email, we need to know about it.
I work at a school. Yes, we have all machines on their network trust us as a root CA. We do that with good reason.
Currently in most countries, especially the UK, there is an atmosphere of paranoia bordering on terror anywhere that minors and sex may come within a hundred meters of each other. Even so, teenagers tend to meet their stereotype and display a fascination with sexual imagery. This means that it is absolutely essential that schools maintain a comprehensive internet content filter. This is not an optional extra. Without it, it's only a matter of time (and not much time) before some student happens across Dirty Dave's Scat and Fisting Gallery and shows it off to all his classmates. This in turn results in many terrified parents, legal action against the school for destroying jimmy's innocent little mind, and columns in the Daily Mail demanding the head be fired.
If we could not filter the internet, there would be no option but to forgo it. If we could not filter the ssl sites, there would be no option but to block ssl entirely by blocking all traffic on port 443. There is no possibility of effectively filtering SSL without installing a root CA, and so that is what we have to do for any device on our network that needs SSL connectivity.
Got that? No filtering, no internet. That's just the way it is. I don't like censorship more than anyone else, but this is the real world and sometimes ideology has to take a back seat to practicality and an angry mob of parents. Besides, without effective filtering, the students would spend more time playing flash games, watching the yogscast, listening to music videos and checking facebook than actually doing their work. Giving the students a locked-down and heavily censored internet is still better than giving them no internet at all, which would hold them back academically.
Autodesk has done this before. GeneriCAD, Drafix, were just a few competitors which Autodesk acquired and shutdown. Their practices are very anticompetitive.